Zero-day exploits weren’t the sort of thing you found just by opening a malicious file and peering at the code. You had to track each reference the code made to the operating system or to other software applications on the machine to spot any suspicious ways it interacted with them.
